Paolo Bonzini wrote: ... >>> Ok? Should I test /selinux instead of /selinux/enforce? >> >> That would be better, since a system for which $(getenforce) reports >> "Permissive", that /selinux/enforce won't exist. >> It might be better still simply to see if getenforce can be run. > > getenforce is not installed on a Debian non-SELinux-enabled system, > still such a system has /selinux and can use libselinux.
Hi Paolo, Perhaps we can view that as a feature. Is it worthwhile to issue your new warning on such a system, given its lack of real SELinux functionality? Actually, just testing for /selinux is fine. An extra warning won't hurt, and might help. For those who don't yet use SELinux, it might pique their curiosity to the point that a few will investigate and eventually enable it.
